Lucene search

[email protected]CVE-2008-2066

HistoryMay 02, 2008 - 11:20 p.m.

CVE-2008-2066

2008-05-0223:20:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2008-2066

xss

web security

vulnerability

minibb 2.2a

nvd

5.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

73.8%

JSON

Cross-site scripting (XSS) vulnerability in bb_admin.php in miniBB 2.2a allows remote attackers to inject arbitrary web script or HTML via the whatus parameter in a searchusers2 action. NOTE: it was later reported that other versions before 3.0.1 are also vulnerable.

CPENameOperatorVersion
minibb:minibbminibbeq2.2a

CPE	Name	Operator	Version
minibb:minibb	minibb	eq	2.2a

References

osvdb.org/95122

seclists.org/fulldisclosure/2013/Jul/102

secunia.com/advisories/30004

securityreason.com/securityalert/3846

www.minibb.com/download.php?file=minibb_update

www.minibb.com/forums/news-9/minibb-3.0.1-released-stable-fixed-secured-dedicated-6059.html

www.securityfocus.com/archive/1/491375/100/0/threaded

www.securityfocus.com/bid/28957

www.securityfocus.com/bid/61116

exchange.xforce.ibmcloud.com/vulnerabilities/42076

www.mavitunasecurity.com/xss-and-sql-injection-vulnerabilities-in-minibb/

5.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

73.8%

JSON

Related for CVE-2008-2066

prion2 cvelist2 cve1